Key Takeaways
- IAASB sets the ISAs that form the baseline for national audit standards in most European jurisdictions, including the Netherlands and Germany.
- Its 2025 Handbook spans five volumes covering quality management, auditing, review, other assurance, and related services.
- ISA 240 (Revised) and ISA 570 (Revised 2024) both take effect for periods beginning on or after 15 December 2026.
- Non-Big 4 firms adopting IAASB standards early gain a head start on implementation before national regulators mandate the change.
What is IAASB (International Auditing and Assurance Standards Board)?
Every time your methodology team updates the firm's audit manual, the changes trace back to one body: the IAASB. It operates under PIOB oversight to protect the public interest. An 18-member board (plus a non-voting chair) drafts exposure drafts, receives public comment, and issues final pronouncements. National standard-setters then adopt or adapt those pronouncements. In the Netherlands, the NBA transposes ISAs into NV COS (Dutch Standards on Auditing). In Germany, the IDW maps ISAs into its own standards, though the content aligns closely.
For a mid-tier firm, the IAASB matters because its output determines the structure of every engagement file. ISA 315 (Revised 2019) reshaped risk assessment with its spectrum-of-inherent-risk approach. ISQM 1 replaced the old firm-level quality control standard (ISQC 1) with a risk-based quality management system, effective since 15 December 2022. More recently, the board has turned to fraud ( ISA 240 Revised), going concern ( ISA 570 Revised 2024), sustainability assurance (ISSA 5000), and the related IESBA ethics amendments, all effective for periods beginning on or after 15 December 2026.
Knowing which pronouncements are current and which have been superseded is not optional. Applying the wrong version of a standard is a finding waiting to happen.
Worked example: Dupont Ingenierie S.A.S.
Client: French engineering services company, FY2026, revenue EUR 92M, IFRS reporter. An engagement partner at a mid-tier Paris firm needs to determine which IAASB standards apply to the FY2026 audit (year ending 31 December 2026).
Step 1. Identify the effective standards
First, the team checks the IAASB's 2025 Handbook. ISA 240 (Revised) and ISA 570 (Revised 2024) are effective for periods beginning on or after 15 December 2026. Since Dupont's financial year begins 1 January 2026, these revised standards do not yet apply to the FY2026 audit. Current versions of ISA 240 and ISA 570 remain in force.
Step 2. Assess ISQM 1 compliance at firm level
ISQM 1 has been effective since 15 December 2022, so the firm's quality management system must already reflect its requirements. She confirms that the firm completed its initial ISQM 1 evaluation by 15 December 2023 (the one-year implementation window under ISQM 1.3) and that the most recent monitoring cycle identified no systemic deficiencies.
Step 3. Determine whether ISSA 5000 applies
Dupont falls within the scope of the CSRD (revenue above EUR 50M), and the firm has been asked to provide limited assurance on Dupont's sustainability report. ISSA 5000 becomes effective for periods beginning on or after 15 December 2026, so it does not apply to a sustainability report covering FY2026 (period beginning 1 January 2026). For now, ISAE 3000 (Revised) governs the engagement.
Step 4. Plan for transition
She prepares a transition impact memo covering the standards taking effect for FY2027. For ISA 240 (Revised), the memo addresses the new requirement to apply a fraud lens throughout risk assessment and the co-ordinated changes in ISA 570 (Revised 2024) around management's going concern assessment. For ISSA 5000, it covers new engagement acceptance criteria for sustainability assurance.
For FY2026, the engagement applies current ISA versions and ISAE 3000 (Revised) for sustainability assurance. A documented transition plan covers ISA 240 (Revised), ISA 570 (Revised 2024), and ISSA 5000 before they take effect for FY2027 periods.
Why it matters in practice
Teams frequently apply paragraph references from superseded versions of ISAs without verifying whether a revised version is in effect. This is not a theoretical risk. When ISA 315 (Revised 2019) replaced ISA 315 (Revised) in December 2022, firms that continued citing old paragraph numbers produced working papers that referenced requirements no longer in force. That same transition risk applies to ISA 240 and ISA 570 once the revised versions take effect. At firms like ours, the first thing we do after a new pronouncement becomes effective is run a search-and-replace across every template to catch stale paragraph citations.
IAASB standards carry no direct legal force on their own. They become binding only when a national standard-setter adopts them. Practitioners in the Netherlands sometimes cite ISA paragraph numbers directly rather than the corresponding NV COS references. While the content is substantively identical, AFM inspectors expect references to the Dutch transposition, and citing the ISA instead of NV COS can flag a documentation gap even when the underlying work is correct. I think too many firms still treat IAASB updates as a ticking and bashing exercise (swap one paragraph number for another, move on). The real question is whether the revised standard changes how you do the work, not just how you cite it.
IAASB vs IFAC
| Dimension | IAASB | IFAC |
|---|---|---|
| Role | Independent standard-setting board for auditing, assurance, and related services | Global umbrella organisation for the accountancy profession |
| Output | ISAs, ISAEs, ISRSs, ISQMs, and ISSA 5000 | Policy positions, advocacy, member body coordination |
| Governance | Overseen by the PIOB to protect public interest independence | Governed by its own board and council of member bodies |
| Membership | 18 board members (plus non-voting chair) appointed through a public nominations process | Over 180 member organisations across 130+ jurisdictions |
| Binding force | Standards have no direct legal force until adopted nationally or regionally | No standard-setting authority; supports adoption of IAASB and IESBA standards |
Practitioners sometimes treat IAASB and IFAC as interchangeable. They are not. IFAC is the parent structure; the IAASB is the operationally independent board within it. Criticisms directed at IFAC (governance, conflicts of interest) do not automatically apply to IAASB pronouncements, which are developed under PIOB oversight with public exposure and comment periods.
Related terms
Related reading
Frequently asked questions
Are IAASB standards mandatory for European auditors?
Not directly. The IAASB issues international standards, but they become binding only when adopted by a national standard-setter or required by EU regulation. In most EU member states, national auditing standards are based on or identical to the ISAs. The EU Audit Regulation (537/2014) requires statutory auditors to apply ISAs as adopted at EU level, though formal EU-wide ISA adoption remains pending.
When do the revised ISA 240 and ISA 570 take effect?
Both ISA 240 (Revised) and ISA 570 (Revised 2024) are effective for audits of financial statements for periods beginning on or after 15 December 2026. For a calendar-year entity, this means the FY2027 audit is the first engagement under the revised standards. Early adoption is permitted.
What is ISSA 5000 and how does it relate to the IAASB?
ISSA 5000, International Standard on Sustainability Assurance, is the IAASB's first standalone sustainability assurance standard. It becomes effective for periods beginning on or after 15 December 2026. The standard applies to assurance engagements on sustainability information reported under any framework, including ESRS under the CSRD.